| Age | Commit message (Collapse) | Author |
|---|
|
random cookies to protect access to function return instructions, with the
effect that the integrity of the return address is protected, and function
return instructions are harder to use in ROP gadgets.
On function entry the return address is combined with a per-function random
cookie and stored in the stack frame. The integrity of this value is verified
before function return, and if this check fails, the program aborts. In this way
RETGUARD is an improved stack protector, since the cookies are per-function. The
verification routine is constructed such that the binary space immediately
before each ret instruction is padded with int03 instructions, which makes these
return instructions difficult to use in ROP gadgets. In the kernel, this has the
effect of removing approximately 50% of total ROP gadgets, and 15% of unique
ROP gadgets compared to the 6.3 release kernel. Function epilogues are
essentially gadget free, leaving only the polymorphic gadgets that result from
jumping into the instruction stream partway through other instructions. Work to
remove these gadgets will continue through other mechanisms.
Remaining work includes adding this mechanism to assembly routines, which must
be done by hand. Many thanks to all those who helped test and provide feedback,
especially deaadt, tb, espie and naddy.
ok deraadt@
|
|
|
|
ok deraadt@
|
|
ok patrick@
|
|
compatibility layer.
|
|
ok guenther@
|
|
one location under /usr/share/relink.
Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.
Idea and positive feedback from deraadt@
OK aja@ tb@
|
|
ok jsg@, patrick@, deraadt@
|
|
any longer; ok espie@ deraadt@
|
|
|
|
ok espie@
|
|
deleting ../ in the path
|
|
but keep gcc4 in the build for these as well
ok deraadt@
|
|
|
|
clang optimizes better for size with -Oz so use that as a default to avoid
overflowing the ramdisk floppies. gcc now accepts -Oz as an alias for -Os.
ok kettenis@
|
|
okay schwarze@
|
|
years ago when we formatted manual pages at build time.
Opportunity for cleanup discovered by espie@.
Make build & release in base and Xenocara checked myself,
and checked in a bulk build by ajacoutot@.
OK espie@ millert@ deraadt@
|
|
Outdated terminology noticed by espie@.
|
|
remnant from the remote past when we used to install preformatted
manuals.
2. The list of files deleted by the clean target grew out of date
and was incomplete, but we already know that it will change again
soon, so delete overdocumentation.
Feedback and OK espie@.
|
|
bsd.sys.mk more specific; wording with one tweak from espie@
|
|
|
|
closely related to. Delete the example involving PARALLEL, which no
longer exists. Instead, add a different example involving yacc(1).
OK espie@
|
|
instead of using / where the libraries are re-ordered on reboot
ok aja@
|
|
|
|
|
|
"noticed" by Ingo.
|
|
|
|
proper english usage and okay jmc@
|
|
by using alternate setup
PROGS = a b c along with SRCS_a = ... , SRCS_b = ... , SRCS_c = ...
okay millert@
|
|
files. This fixes up parallel builds in the default case.
FreeBSD does something similar.
okay millert@
|
|
no functional change
|
|
this specific rule is only triggered twice in the whole ports tree
(sysutils/xjobs and print/l2a)
This fixes them
|
|
make -j will be happier.
okay millert@
|
|
don't include .d files during obj and cleanup, because those files might
be utterly bogus following an untimely reboot.
This allows cleaning stuff up without needing to manually remove those
files.
okay millert@, kettenis@
|
|
|
|
kernel Makefiles (thank you!), also add lex and yacc generated files to
that list.
Let those lex/yacc variables be defined for bsd.lib.mk as well.
Complete the SRCS -> OBJS hints with the library dependency
This should fix most dependency problems.
Commit now, so that people can check if something else is still amiss.
krw@ agrees
|
|
the old mkdep run did walk the SRCS list and write those as a side-effect.
Without this, bsd.prog.mk .SUFFIXES order will have OBJS depend on the
wrong src file.
Causes of the alpha/stand/bootxx breakage.
|
|
on the command line, things will still work
|
|
commit the right DEPS definition.
|
|
I asked jmc, told me to go ahead and he'd review it when he can.
|
|
where a separate depend step is still needed, mostly gcc3 and mesa).
Use of BUILDFIRST is mostly enough to make sure important stuff is built
first.
Otherwise, this makes use of -M* compiler options to generate dependencies
on the fly. There is a bit of behind-the-scene for targets with several
steps (like yacc and/or libraries) and the compiler needs extra hand-holding
with assembler files (don't know why, don't care).
Idea based on guenther@'s initial kernel work, loads of input from
drahn, aoyama, tb, etc.
okay tb@
"why wait" deraadt@
|
|
This used to be necessary a long time ago in the... gcc 2.95 days.
from miod@
|
|
record every standard component built in bsd.lib.mk/bsd.prog.mk in BUILDAFTER
and have BUILDAFTER depend on BUILDFIRST, thus making possible to build
some stuff early without relying on "make depend"
okay tb@ millert@
|
|
|
|
(needed on i386)
|
|
- some std= parameters are actually critical, -std=c++11 makes a huge
difference for clang.
- explicitly ask mkdep to run the C++ compiler for C++ code, as again,
some compilers will see the difference.
(this should allow us to repair make depend under src/gnu/usr.bin/clang)
okay kettenis@
|
|
The option has been deprecated for almost 7 years by now.
ok tb@
|
|
of randomizing the order so let's read the libs on the system and link the
same way in case a syspatch is being built
|
|
ok kettenis
|
|
doesn't actually flip the switch yet, so aarch64 continues to be the only
architecture for which we build clang.
ok jsg@, deraadt@
|
